Yes, You Should be Hacking Your Car’s Data System

If you own a car, I would wager it’s the most complex device you own. Within you find locomotion, safety systems, and an entertainment system that may be using technology from several decades ago (but that’s a rant for a different article). Jalopy or Sweet Hotness, your ride has an underlying data network that is a ton of fun to hack, and something of a security dinosaur. Both were discussed by Craig Smith and Erik Evenchick during their talk on Car Hacking tools at Hope XI.

You should recognize both of these names. Eric Evenchick is a Hackaday contributor who has been traveling the world presenting talks and workshops on his open source car hacking hardware called CANtact. Craig Smith is founder of OpenGarages and author of the Car Hacker’s Handbook which we highly recommend. The pair made a great joint presentation; both were charismatic, using wit to navigate through the hardware, software, techniques, and goals you want to have in mind to jump into car hacking.

Continue reading “Yes, You Should be Hacking Your Car’s Data System”

We Declare The Grandmaster Of Pokemon Go GPS Cheats

Since Pokemon Go blew up the world a couple of weeks ago we’ve been trying to catch ’em all. Not the Pokemon; we’ve been trying to collect all the hardware hacks, and in particular the most complete GPS spoofing hack. We are now ready to declare the first Grandmaster GPS spoofing hack for Pokemon Go. It broadcasts fake GPS signals to your phone allowing the player to “walk around” the real world using a gaming joystick.

Just about everything about this looks right to us. They’re transmitting radio signals and are doing the responsible thing by using an RF shield box that includes a GPS antenna. Hardware setup means popping the phone inside and hooking up the signal generator and GPS evaluation hardware. Google Earth then becomes the navigation interface — a joystick allows for live player movements, coordinates are converted to GPS signals which are transmitted inside of the box.

Now, we did say “just about right”. First off, that RF shielding box isn’t going to stop your fake GPS signals when you leave the lid open (done so they can get at the phone’s touchscreen). That can probably be forgiven for the prototype version, but it’s that accelerometer data that is a bigger question mark.

When we looked at the previous SDR-based RF spoofing and the Xcode GPS cheats for Pokemon Go there were a number of people leaving comments that Niantic, the devs responsible for Pokemon Go, will eventually realize you’re cheating because accelerometer data doesn’t match up to the amount of GPS movement going on. What do you think? Is this app sophisticated enough to pick up on this type of RF hacking?

Continue reading “We Declare The Grandmaster Of Pokemon Go GPS Cheats”

Cory Doctorow Rails Against Technological Nihilism; Wants You to Have Hope

I was skeptical about a two hour block allotted for Cory Doctrow’s keynote address at HOPE XI. I’ve been to Operas that are shorter than that and it’s hard to imagine he could keep a huge audience engaged for that long. I was incredibly wrong — this was a barnburner of a talk. Here is where some would make a joke about breaking out the rainbows and puppies. But this isn’t a joke. I think Cory’s talk helped me understand why I’ve been feeling down about our not-so-bright digital future and unearthed a foundation upon which hope can grow.

Continue reading “Cory Doctorow Rails Against Technological Nihilism; Wants You to Have Hope”

Hands-on the AND!XOR Unofficial DEF CON Badge

DEF CON 24 is still about two weeks away but we managed to get our hands on a hardware badge early. This is not the official hardware — there’s no way they’d let us leak that early. Although it may be unofficial in the sense that it won’t get you into the con, I’m declaring the AND!XOR badge to be officially awesome. I’ll walk you through it. There’s also a video below.

Over the past several years, building your own electronic badge has become an impromptu event. People who met at DEF CON and have been returning year after year spend the time in between coming up with great ideas and building as many badges as they can leading up to the event. This is how I met the trio who built this badge — AND!XORAndrew Riley, and Jorge Lacoste — last year they invited me up to their room where they were assembling the last of the Crypto Badges. Go check out my guide to 2015 Unofficial DEF CON badges for more on that story (and a video of the AM transmissions that badge was capable of).

The outline is this year’s badge is of course Bender from Futurama. Both eyes are RGB LEDs, with another half dozen located at different points around his head. The microcontroller, an STM32F103 ARM Cortex-M0 Cortex-M3, sits in a diamond pattern between his eyes. Above the eyes you’ll find 16 Mbit of flash, a 128×64 OLED screen, and a reset button. The user inputs are five switches and the badge is powered by three AA batteries found on the flip side.


That alone makes an interesting piece of hardware, but the RFM69W module makes all of the badges interactive. The spring coming off the top of Bender’s dome is a coil antenna for the 433 MHz communications. I only have the one badge on hand so I couldn’t delve too deeply what interactive tricks a large pool of badges will perform, but the menu hints at a structure in place for some very fun and interesting applications.

Continue reading “Hands-on the AND!XOR Unofficial DEF CON Badge”

BitCluster Brings a New Way to Snoop Through BitCoin Transactions

Mining the wealth of information in the BitCoin blockchain is nothing new, but BitCluster goes a long way to make sense of the information you’ll find there. The tool was released by Mathieu Lavoie and David Decary-Hetu, PH.D. on Friday following their talk at HOPE XI.

I greatly enjoyed sitting in on the talk which began with some BitCoin basics. The cryptocurrency uses user generated “wallets” which are essentially addresses that identify transactions. Each is established using key pairs and there are roughly 146 million of these wallets in existence now

If you’re a thrifty person you might think you can get one wallet and use it for years. That might be true of the sweaty alligator-skin nightmare you’ve had in your back pocket for a decade now. It’s not true when it comes to digital bits —  they’re cheap (some would say free). People who don’t generate a new wallet for every transaction weaken their BitCoin anonymity and this weakness is the core of BitCluster’s approach.

Every time you transfer BitCoin (BTC) you send the network the address of the transaction when you acquired the BTCs and sign it with your key to validate the data. If you reuse the same wallet address on subsequent transactions — maybe because you didn’t spend all of the wallet’s coins in one transaction or you overpaid and have the change routed back to your wallet. The uniqueness of that signed address can be tracked across those multiple transactions. This alone won’t dox you, but does allow a clever piece of software to build a database of nodes by associating transactions together.

Mathieu’s description of first attempts at mapping the blockchain were amusing. The demonstration showed a Python script called from the command line which started off analyzing a little more than a block a second but by the fourth or fifth blocks hit the process had slowed to a standstill that would never progress. This reminds me of some of the puzzles from Project Euler.

bitcluster-how-it-worksAfter a rabbit hole of optimizations the problem has been solved. All you need to recreate the work is a pair of machines (one for Python one for mondoDB) with the fastest processors you can afford, a 500 GB SSD, 32 GB of RAM (but would be 64 better), Python 64-bit, and at least a week of time. The good news is that you don’t have to recreate this. The 200GB database is available for download through a torrent and the code to navigate it is up on GitHub. Like I said, this type of blockchain sleuthing isn’t new but a powerful open source tool like this is.

Both Ransomware and illicit markets can be observed using this technique. Successful, yet not-so-cautious ransomers sometimes use the same BitCoin address for all payments. For example, research into a 2014 data sample turned up a ransomware instance that pulled in $611k (averaging $10k per day but actually pulling in most of the money during one three-week period). If you’re paying attention you know using the same wallet address is a bad move and this ransomware was eventually shut down.

Illicit markets like Silk Road are another application for BitCluster. Prior research methods relied on mining comments left by customers to estimate revenue. Imagine if you had to guess at how well Amazon was doing reading customer reviews and hoping they mentioned the price? The ability to observe BTC payment nodes is a much more powerful method.

A good illicit market won’t use just one wallet address. But to protect customers they use escrow address and these do get reused making cluster analysis possible. Silk Road was doing about $800k per month in revenue at its height. The bulk of purchases were for less than $500 with only a tiny percentage above $1000. But those large purchases were likely to be drug purchases of a kilo or more. That small sliver of total transactions actually added up to about a third of the total revenue.

bitcluster-logoIt’s fascinating to peer into transactions in this manner. And the good news is that there’s plenty of interesting stuff just waiting to be discovered. After all, the blockchain is a historical record so the data isn’t going anywhere. BitCluster is intriguing and worth playing with. Currently you can search for a BTC address and see total BTC in and out, then sift through income and expense sorted by date, amount, etc. But the tool can be truly great with more development. On the top of the wishlist are automated database updates, labeling of nodes (so you can search “Silk Road” instead of a numerical address), visual graphs of flows, and a hosted version of the query tool (but computing power becomes prohibitive.)

Bunnie and EFF Sue US Government over DMCA 1201

This morning Bunnie Huang wrote about his reasons for suing the US Government over Section 1201 of the Digital Millennium Copyright Act (DMCA).

The DMCA was enacted in 1996 and put in place far-reaching protections for copyright owners. Many, myself included, think these protections became far-overreaching. The DMCA, specifically section 1201 of the act which is known as the anti-circumvention provision, prohibits any action that goes around mechanisms designed to protect copyrighted material. So much has changed since ’96 — software is now in every device and that means section 1201 extends to almost all electronics sold today.

So protecting copyright is good, right? If that were the only way section 1201 was enforced that might be true. But common sense seems to have gone out the window on this one.

If you legally purchase media which is protected with DRM it is illegal for you to change the format of that media. Ripping your DVD to a digital file to view on your phone while on the plane (something usually seen as fair use) is a violation. Want to build an add-on for you home automation system but need to reverse engineer the communications protocol first? That’s a violation. Perhaps the most alarming violation: if you discover a security vulnerability in an existing system and report it, you can be sued under DMCA 1201 for doing so.

Cory Doctorow gave a great talk at DEF CON last year about the Electronic Frontier Foundation’s renewed push against DMCA 1201. The EFF is backing Bunnie on this lawsuit. Their tack argues both that section 1201 is stiffling innovation and discouraging meaningful security research.

If it’s illegal to write about, talk about, or even privately explore how electronics are built (and the ecosystem that lets them function) it’s hard to really master creating new technology. A successful lawsuit must show harm. Bunnie’s company, Alphamax LLC, is developing hardware that can add an overlay to an HDMI signal (which sounds like the continuation of the hack we saw from him a few years ago). But HDCP would prevent this.

Innovation aside, the security research angle is a huge reason for this law (or the enforcement of it) to change. The other plaintiff named in the suit, Matthew Green, had to seek an exemption from the DMCA in order to conduct his research without fear of prosecution. Currently there is a huge disincentive to report or even look for security vulnerabilities, and that is a disservice to all. Beneficial security research and responsible disclosure need to be the top priority in our society which is now totally dependent on an electronically augmented lifestyle.

Hackers on Planet Earth — We’ll Be There!

This weekend, Hackaday will be rolling into New York for the Eleventh HOPE. This biyearly conference draws hackers from all around the globe. There’s a ton going on at HOPE: talks, hardware hacking, workshops, and pretty much everything else you might be interested in. But really, this gathering which was founded by 2600 in ’94, is where you go to meet and hang out with other hackers. And we want to hang out with you.

Pre-sale tickets are gone. But if you don’t have a ticket yet there are a limited number still available at the door. We’re happy that Hackaday is a sponsor of HOPE this year and for that we have a spot in the vendor’s area. We’re not selling anything — we’re actually reverse-vending. We want you to stop by and show us your hacks!

Hackaday Meetups at HOPE

Find us in the vendor area for two meetups: Saturday 2:30-5:00 (after Cory Doctorow’s keynote) and Sunday 11:00-1:00 2:30-5:00. We’ll be there with our cameras at the ready so don’t forget to bring your hacks. We’re always hungry to hear interesting stories which will end up on the front page for all to enjoy.

We have swag like Hackaday and Tindie stickers, and dev boards to give away from our Hackaday Prize sponsors Atmel and Microchip. During the two meetup times we’ll have munchies (Hackaday branded of course) and a limited supply of T-shirts. Come early and come often.

Brian Benchoff and Mike Szczys will be on hand covering the best the convention has to offer. Hit us up on those Twitter links if you want to get our attention. Sophi Kravitz, Aleksandar Bradic, and Shayna Gentiluomo will also be there, so stop by whenever and hang out with us. Our spot in the vendor area will be open the whole weekend.

We are always looking for awesome things to do in addition to what’s on the official agenda. The meetup on Saturday is the place to get the inside scoop on those plans. Whether you’re going to be at HOPE or not, we’d love to hear from you in the comments. Let us know about any talks we shouldn’t miss, any hackers we should track down and interview, and any of those extra curricular activities for a bunch of hackers in the middle of Manhattan on a hot July night.